Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

***analyzing CBS.log (The only trouble is finding it)


  • Please log in to reply
20 replies to this topic

#1 jrb11

jrb11

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 16 June 2017 - 12:40 PM

~Thanks (Support Persons and Personnel) for reading my inquiry !  

(and hopefully you can help bring my nightmare to an end... Thanks !)

 

Since I am using my Sister's former Toshiba Laptop, (she passed in 2011) I wrongfully assumed that it was configured for setting restore points.  Not the case... none were ever set.

 

TROUBLE WAS, installed a Blue Tooth Driver, for an Insignia BT Adapter, and despite installing ok, and that it recognized and paired with my devices (2) it never communicated any sound through the BT Devices. (I used a Broadcom BCM 20702A0 which is noted in some troubleshooting reports as  btrez.dll )

 

I removed the driver from within Device Manager. (Emsisoft's Tech said shouldn't have done that).

>> Laptop went into SPIN CYCLE, folders on my desktop began dissappearing....

 

I thought a major virus or spyware or other attack, I shut down the system immediately... it has never rebooted even in safe mode, or after running any "fix" of any sort from any angle.

 

CANNOT EVER BOOT IN SAFE MODE, BSOD. I MUST USE RECOVERY CD, GO TO COMMAND PROMPT.  HAVE RUN ALL THE FIXES FROM THE RECOVERY CD UTILITY LIST, NO FIX DESPITE ALL THE "CONFIRMATIONS" FR MicroSoft's response when utility completes.

 

EVEN BOUGHT AND TRIED THE EasyRE Windows Repair DVD, It said it fixed the problem, but alas, it did not fix anything.

 

I am using Win7 recovery CD to get to a command prompt. (only access path at this time)

 

All the usual fixes haven't worked (at least 15 hrs in the weeds here, even w Emsisoft's great help).

 

After trying diligently, reading - trying many solutions listed here, and by the graces of one of Emsisoft's Key Troubleshooters (alas this Topic Title upon his recommendation)

HE REFFERED ME TO POST THIS TROUBLE TOPIC HERE FOR YOUR GRACIOUS ANALYSIS AND REFLECTIONS....

 

AFTER RUNNING FARBAR  FRST, And noting some issues, the Emsisoft Tech had me run

sfc /scannow /offbootdir=D:\ /offwindir=D:\Windows

AFTER RUNNING  sfc /scannow /offbootdir=D:\ /offwindir=D:\Windows

ERROR WAS: 

"WINDOWS RESOURCE PROTECTION COULD NOT PERFORM THE REQUESTED OPERATION"

 

WE WERE TRYING TO LOCATE AND REPAIR  TDI.SYS  as it had shown up in error reports as the possible culprit...

 

HE WAS AND I AM STUCK AT THIS POINT "CANNOT PERFORM REQUESTED OPERATION"

 

HIS LAST THOUGHT WAS:

 

"you're stuck analyzing CBS.log. The only trouble is finding it - using those commands (offbootdir, etc.) I think it will put it in D:\Windows\Logs\CBS\CBS.log, but I'm not positive. Alternatively, creating the FRST log I'd mentioned (defaults, not changing any checkboxes), and hoping the driver issue is apparent."

 

REALIZING THIS IS MY FIRST POST, AND ALOT HAS BEEN COVERED IN A BRIEF PERIOD OF TIME, I WILL LEAVE THIS STATUS AT THIS POINT FOR ANYONE'S REFLECTION AND COMMENTS.  AGAIN, Thanks Ever So Much !!

 

Attached Files



BC AdBot (Login to Remove)

 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:07:39 PM

Posted 16 June 2017 - 01:05 PM

Hi,

 

Is the work done with the help of the Emsisoft Tech available on a public forum? can you post a link to that topic?


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 jrb11

jrb11
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 16 June 2017 - 01:06 PM

MORE PICS For Reference...

Attached Files



#4 jrb11

jrb11
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 16 June 2017 - 01:11 PM

@SleepyDude

 

Sorry... NO, It was an email tennis match... all I have are screen captures and FRST  reports... if that would help... Thanks.



#5 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 2,989 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:02:39 PM

Posted 16 June 2017 - 01:28 PM

Hi,

 

Can you tap F8 during startup right after the BIOS splash screen and select Disable Driver Signature Enforcement, which will disable Windows's Kernel Mode Code Signing (KMCS) policy, a security feature introduced in Windows Vista designed to protect core kernel mode components.

 

Can you computer boot after that?

 

Regards,

bwv848


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#6 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:39 AM

Posted 16 June 2017 - 01:46 PM

To analyze the CBS.log after running SFC (System File Checker) -

 

1. Open an elevated (Run as Administrator) Command Prompt.

 

2. Copy and paste the following command, followed by Enter.

 

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > "%userprofile%\Desktop\sfcdetails.txt"

 

This will put a file called sfcdetails.txt on your desktop, with the SFC results.


Edited by jwoods301, 16 June 2017 - 01:54 PM.


#7 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:39 AM

Posted 16 June 2017 - 01:57 PM

If after running SFC multiple times and the issue is not corrected, run the Sysnative tool SFCFix, which can be downloaded from MajorGeeks -

 

http://www.majorgeeks.com/files/details/sfcfix.html



#8 jrb11

jrb11
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 16 June 2017 - 01:59 PM

Bleepin' Owl

 

Sorry... TRIED THAT ONE ABOUT 3/4 WAY THROUGH THIS TROUBLESHOOTING NIGHTMARE ...  LOL



#9 hamluis

hamluis

    Moderator


  • Moderator
  • 55,549 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:39 PM

Posted 16 June 2017 - 02:16 PM

Why don't you just do a factory restore?  It would seem that the permissions would need changing also...if the system originally was set up in your sister's name...and a factory restore clears the table of dirty dishes.

 

Louis



#10 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:39 AM

Posted 16 June 2017 - 02:18 PM

Why don't you just do a factory restore?  It would seem that the permissions would need changing also...if the system originally was set up in your sister's name...and a factory restore clears the table of dirty dishes.

 

Louis

 

A couple more things to try before using the "nuclear option".



#11 hamluis

hamluis

    Moderator


  • Moderator
  • 55,549 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:39 PM

Posted 16 June 2017 - 02:19 PM

:thumbup2:.

 

Louis



#12 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:39 AM

Posted 16 June 2017 - 02:24 PM

Bluescreens on TDI.sys are not uncommon.

 

Third option to try if SFC and SFCFix do not resolve the issue is the Windows System Update Readiness Tool for Windows 7.

 

https://www.microsoft.com/en-us/download/details.aspx?id=3132



#13 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 2,989 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:02:39 PM

Posted 16 June 2017 - 02:35 PM

jwoods301,

 

The OP cannot start Windows normally, so how is he supposed to run SFCFix or SURT?

 

jrb11,

 

Can you plug a USB into your computer and enter the following commands in the command prompt:

copy D:\Windows\Minidump\*.dmp "Z:\"

Where Z is the drive letter of your USB. Then go to a working machine and zip and attach the dump files in your next reply.


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#14 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:39 AM

Posted 16 June 2017 - 02:39 PM

"The OP cannot start Windows normally, so how is he supposed to run SFCFix or SURT?"

 

SFCFix can be run from the Command Prompt.

 

SURT cannot.

 

Mentioned to hamluis as the last option before a clean install.


Edited by jwoods301, 16 June 2017 - 02:40 PM.


#15 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 2,989 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:02:39 PM

Posted 16 June 2017 - 02:52 PM

Sorry, but are you sure that SFCFix can be run from the Recovery Environment? A lot of resources aren't available in the RE.


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users